gpg-agent does not authenticate ssh connections

Rainer Keller mail at rainerkeller.de
Mon Feb 16 20:40:18 CET 2015


> According to the error message gpg-agent is unable to sign using the card:
> > ssh user at server
> > Agent admitted failure to sign using the key.
> > Permission denied (publickey,keyboard-interactive).

I had a look at the card with pkcs15-tool (removed irrelevant parts):

PKCS#15 Card [OpenPGP Card]:
        Version        : 0
        Serial number  : XXX
        Manufacturer ID: OpenPGP project
        Language       : de
        Flags          : PRN generation, EID compliant

PIN [Signature PIN]
        Object Flags   : [0x3], private, modifiable
        ID             : 01
        Flags          : [0x13], case-sensitive, local, initialized
        Length         : min_len:0, max_len:32, stored_len:32
        Pad char       : 0x00
        Reference      : 1
        Type           : ascii-numeric
        Path           : 3f00
        Tries left     : 3

PIN [Encryption PIN]
        Object Flags   : [0x3], private, modifiable
        ID             : 02
        Flags          : [0x13], case-sensitive, local, initialized
        Length         : min_len:0, max_len:32, stored_len:32
        Pad char       : 0x00
        Reference      : 2
        Type           : ascii-numeric
        Path           : 3f00
        Tries left     : 0

Private RSA Key [Authentication key]
        Object Flags   : [0x3], private, modifiable
        Usage          : [0x200], nonRepudiation
        Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength      : 1024
        Key ref        : 2 (0x2)
        Native         : yes
        Auth ID        : 02
        ID             : 03

For me it looks like the authentication private key uses the encryption PIN 
(Auth ID 0x02) while it should use the signature PIN.
I tried to set the encryption PIN via "pkcs15-tool --auth-id 02 --change-pin" 
but this did not work: "PIN code change failed: Data object not found".
It seems the encryption PIN is not supported by GnuPG.

Is there any way to change the authentication key to use the signature PIN?
On my GnuPG card only the authentication key is present; all other keys are 
currently empty. Might this be caused by the empty slots, and might it be fixed 
when I add an encryption key to the card?
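A small check over the dump above, added here as an illustration and not part of the original thread: it parses the pkcs15-tool output into objects and reports, for each private key, which PIN its Auth ID refers to and whether that PIN shows no tries left (the "Tries left: 0" on the Encryption PIN is what the authentication key is bound to). The sample is the post's own excerpt, trimmed to the relevant fields.

```python
import re

# Constructed sample: the pkcs15-tool excerpt from the post, trimmed (serial redacted).
SAMPLE = """\
PKCS#15 Card [OpenPGP Card]:
        Serial number  : XXX

PIN [Signature PIN]
        ID             : 01
        Reference      : 1
        Tries left     : 3

PIN [Encryption PIN]
        ID             : 02
        Reference      : 2
        Tries left     : 0

Private RSA Key [Authentication key]
        Usage          : [0x200], nonRepudiation
        Key ref        : 2 (0x2)
        Auth ID        : 02
        ID             : 03
"""

HEADER = re.compile(r"^(PIN|Private RSA Key) \[(.+)\]$")   # e.g. "PIN [Signature PIN]"
FIELD = re.compile(r"^\s+(.+?)\s*:\s*(.*)$")                # e.g. "        ID : 01"


def parse_pkcs15(text):
    """Split pkcs15-tool output into a list of (kind, label, {field: value})."""
    objects = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            objects.append((m.group(1), m.group(2), {}))
            continue
        m = FIELD.match(line)
        if m and objects:  # fields before the first PIN/key header belong to the card block
            objects[-1][2][m.group(1)] = m.group(2)
    return objects


def check_key_pins(text):
    """For each private key, resolve its Auth ID to a PIN and flag PINs with zero tries left."""
    objects = parse_pkcs15(text)
    pins = {f["ID"]: (label, int(f.get("Tries left", "0")))
            for kind, label, f in objects if kind == "PIN"}
    findings = []
    for kind, label, f in objects:
        if kind == "Private RSA Key":
            pin_label, tries = pins.get(f.get("Auth ID"), ("<unknown PIN>", 0))
            findings.append({"key": label, "pin": pin_label,
                             "tries_left": tries, "blocked": tries == 0})
    return findings


if __name__ == "__main__":
    for finding in check_key_pins(SAMPLE):
        print(finding)
```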
